Full Disclosure mailing list archives
Re: screen 4.0.3 local Authentication Bypass
From: "Lolek of TK53" <lolek1337 () googlemail com>
Date: Mon, 4 Jun 2007 19:00:38 +0200
Hi, On 6/4/07, rembrandt () jpberlin de <rembrandt () jpberlin de> wrote:
Please take a look at the Attachement dear List moderator. :)
...
It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86. How to reproduce: Lock screen using ctrl+x Choose a Password Confirm the Password Screen asks for a Password to unlock the screen. Just press ctrl+c and it displays "Getpass error". 2 seconds later the screen is unlocked and you`ve access.
This is not reproducable with screen 4.0.3 on a Linux system. Also with looking at the code of screen I can see no vulnerability in this context. Can you show some code that proves your claim? If not I suggest to get a better operating system distributor ;) Cheers Lolek of TK53 P.S. It's ctrl-a x not ctrl-x _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- screen 4.0.3 local Authentication Bypass rembrandt (Jun 03)
- Full Path Disclosure eqDKP 1.3.2c and prior kefka (Jun 03)
- Re: screen 4.0.3 local Authentication Bypass Alexander Klink (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Christian "Khark" Lauf (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Schanulleke (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Lolek of TK53 (Jun 05)
- Re: screen 4.0.3 local Authentication Bypass Christian "Khark" Lauf (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Lolek of TK53 (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Pranay Kanwar (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Sûnnet Beskerming (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Paul Melson (Jun 05)
- Re: screen 4.0.3 local Authentication Bypass Pranay Kanwar (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Sûnnet Beskerming (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Open Phugu (Jun 04)
- Re: screen 4.0.3 local Authentication Bypass Oliver Starke (Jun 05)
- Re: screen 4.0.3 local Authentication Bypass Frank Thyes (Jun 05)